Cyber Defense eMagazine September Edition for 2022 #CDM
#CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, Editor-in-Chief and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES
• Factors and metrics to consider in evaluating whether an incident is reportable
• Data to be gathered for submission to CISA
• Process to communicate with CISA
• Personnel or roles with responsibilities related to evaluating and reporting an incident

Organizations may need to include a frequent feedback loop in their external communication processes, as it is possible that a cybersecurity event may not become reportable until hours or even days later. An attack may initially appear to fall below the definition of ‘significant’ per the CISA, only to become significant and reportable upon further analysis or as new facts, such as an unexpected disclosure of data, come to light. Covered entities should implement processes to periodically review attacks deemed insignificant to ensure that a new understanding of the nature and scope of the attack does not elevate it to a reportable cyber incident.
Another important element will be determining when the ‘clock starts’ for notification. A covered entity is required to report a cyber incident no later than 72 hours after it “reasonably believes” that one has occurred. However CISA ultimately defines ‘reasonable belief’, communication processes will have to be nimble enough to react quickly to changes in the organization’s understanding of the security incident.
For organizations that do not yet have processes defined for communicating about cybersecurity issues with external stakeholders, government or otherwise, the new law may be the necessary driver to implement an appropriate strategy. Multiple cybersecurity and IT control frameworks such as NIST-CSF, NIST 800-53 v5, ISO27001, or COBIT 2019 provide guidance and examples that help to establish procedures for communicating security incidents in an appropriate manner.

With each new cyber security breach and ransomware attack, the need for a coordinated, substantive response becomes more evident. It remains to be seen whether this new law will live up to expectations, but every organization should monitor developments to see how it will affect their operations. For more information about cybersecurity response plans, contact us. We are here to help.

About the Author

Trip Hillman, CISSP, CISA, CEH, GPEN, GCFE, GSNA

Trip Hillman is a partner in Weaver’s IT Advisory practice. Focused on evaluating cybersecurity in a broad range of IT environments, he has consulted with Fortune 100 companies, private equity groups, small enterprises and government entities alike on security and compliance.

Cyber Defense eMagazine – September 2022 Edition 25
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.